Pages

Friday, March 18, 2011

Privacy and Trust

Discussion at Washington Innovation Summit

The cartoon that started
all the discussion

~ Is privacy a quaint notion as web sites track users, aggregate data, mine it and sell it to advertisers? Should we have some kind of "Do Not Track" opt-in or other list to protect the web-surfing public? Such questions occupied part of the morning at today's Washington Innovation Summit. Several panelists, including Washington State Attorney General Rob McKenna, took a swing at it.

There are 33 ways (according to Microsoft Chief Architect Sean Nolan) that web sites can track your Internet behavior and use the information to better target ads forto at you. (There was some mention of tailoring content to you as well, but—timeout for honesty!—most sites explicitly encourage you to tell them what you want by setting preferences or directly searching. When was the last time you were asked what kinds of ads you'd like to see? The surreptitious tracking is for ads, not the content you came to the site to find.) The most insidious part of this secretive data collection is that much of it is collected or quietly handed off to entities other than the one that provides the site content one went to find. There's a host of third party data collectors that are compiling information on each of us based on what we do on the web. You probably don't even know who they are.

Should we worry? Should we regulate? Are we losing our privacy?

Nolan joked that Oracle's Larry Ellison already thinks we have, and so what? (The database mogul has pooh-poohed privacy for years, pushed national ID cards and remarked "in the electronic age, little privacy is left anyway." Sun's Scott McNealy felt much the same way. Little surprise then that Oracle swallowed Sun.) Nolan suggested that personal identifiers could be stripped from such information, allowing a "free swim" environment.

Internet pioneer Larry Smarr, who earlier had fascinated the audience with an explanation of how he has instrumented his own body, noted that "Quantified Self" sites tend to share more info. He shrugged and said he thought it odd that people were so reluctant to talk about their own bodies. Some of his slides showed some of the data he had collected on himself, and his talk provided several compelling stories supporting his thesis that more openness would lead to better healthcare outcomes. He did admit, however, that there probably needed to be more focus on security and privacy (not the same thing.)

OVP Managing Director Rick LeFaivre was more thoughtful, noting that there were legitimate concerns with the "predictive aspects" of data collected about web users. As more data is fed into the Borg Collective of ever-more connected computer networks (what the UW's Professor Ed Lazowska earlier called Networking Information Technology) it becomes ever-easier to mine that data and identify seemingly anonymous web users to a highly specific degree.

Washington State Broadband Policy and Programs Director Wilford Saunders agreed, and added that there were many issues around minors. How do you form a digital identity as a two-year old? Should parents concoct a sham identity as protection?

More critically, if no one on the Internet knows you're a dog, then they probably don't know that you're a minor either. Most people and virtually all parents want children protected from Internet threats, such as scammers, stalkers and perverts. Today data of unknown kinds is collected by entities unknown to us and correlated with other data to build profiles. While it may perhaps be OK to use that information to send "targeted" ads to adults, do we want the same to our children? What other kinds of, gulp, appeals might unknown people send to our children? Can the information be used to identify and find them not just on the web, but in their physical locations--homes, schools, and recreation?

McKenna agreed that the Attorney General needs to respond to "creepiness" and to police for "legitimate concerns." However, his motivation to do so was based in no small part on a desire to prevent the need for "bigger regulation." McKenna asserted that "the best solution is a market-based solution" and it would be best if the companies involved were self-policing.

Left unexplained, however, was how that could distinguish between different Internet users, especially minors and adults. If any of us could be a dog on the Internet, how can there be any kind of nuanced self-policing that both allows the "targeting" of ads for anything from La-z-boys to sex toys, and still protects minors to the extent their parents demand. It seems that error must be in the direction of more controls and restraint, not less.

The idea that we must somehow "balance" the needs and interests of consumers and companies here is the poster child of a false equivalence. What balance? And between what and whom? Why must there be balance between people and commercial interests? Are their rights to "target" us on some kind of Bizarro World par with our rights to protect our families? People come first. Or, at least, they should. It's not as if anyone is saying advertisers can't put ads on web pages. Go ahead. Just don't profile me, my kid or my dog to do it. As if you can tell the difference.

Finally, McKenna's pious humming from the GOP free-market hymnal is, like second marriages, the triumph of hope over experience. He might like to believe that "it is faster and works better to self-regulate" but that didn't turn out very well when the banksters did it. Or in the Gulf of Mexico. How much damage must be done to the lives of real people before we strike the right balance—in favor of people over profit?